Abstract

Dependently typed λ-calculi such as the Logical Framework (LF) can encode relationships between terms in types and can naturally capture correspondences between formulas and their proofs. Such calculi can also be given a logic programming interpretation: the Twelf system is based on such an interpretation of LF. We consider here whether a conventional logic programming language can provide the benefits of a Twelf-like system for encoding type and proof-and-formula dependencies. In particular, we present a simple mapping from LF specifications to a set of formulas in the higher-order hereditary Harrop (hohh) language, that relates derivations and proof-search between the two frameworks. We then show that this encoding can be improved by exploiting knowledge of the well-formedness of the original LF specifications to elide much redundant type-checking information. The resulting logic program has a structure that closely resembles the original specification, thereby allowing LF specifications to be viewed as hohh meta-programs. Using the Teyjus implementation of λProlog, we show that our translation provides an efficient means for executing LF specifications, complementing the ability that the Twelf system provides for reasoning about them.

Categories and Subject Descriptors D.3.2 [Programming Languages]: Language Classifications — Constraint and logic languages; F.4.1 [Mathematical Logic and Formal Languages]: Mathematical Logic — Lambda calculus and related systems, Logic and constraint programming, Proof theory

General Terms Theory, Languages 

Keywords logical frameworks, dependently typed lambda calculi, higher-order logic programming, translation

1. Introduction 

There is a significant, and growing, interest in mechanisms for specifying, prototyping and reasoning about formal systems that are described by syntax-directed rules. Dependently typed λ-calculi such as the Logical Framework (LF) [11] provide many conveniences from a specification perspective in this context. Such calculi facilitate the use of a higher-order approach to describing the syntax of formal objects and they allow relationships between terms to be captured in an elegant way through type dependencies. Furthermore, dependently typed λ-calculi enjoy a well-known isomorphism between formulas and types [12], leading to a unification of the concept of a proof of a formula with an inhabitant of a given type. Thus, the search for type inhabitants can be identified with proof-search and can thereby be given a logic programming interpretation. The Twelf system [19] that we consider here exploits these possibilities relative to LF. As such, it has been used successfully in specifying and prototyping varied formal systems, and mechanisms have also been built into it to reason about specifications.

Predicate logics are also capable of encoding syntax-directed specifications, and provide the basis for logic programming languages in the familiar tradition of Prolog. Within this framework, the logic of higher-order hereditary Harrop (hohh) formulas [13] that underlies the language λProlog [16] provides a builtin ability to treat binding notions in syntax and thus has particular usefulness in representing formal systems. However, unlike LF, this logic cannot reflect dependencies between objects into types and does not directly represent the relationship between formulas and their proofs. While such correspondences can always be encoded by hand through auxiliary predicate definitions, it is of interest to understand if a systematic encoding is possible. A specific form of this question is whether Twelf specifications can be translated into λProlog programs, allowing such specifications to be seen as λProlog "meta-programs." There are benefits to such a possibility: the convenience of writing specifications using dependent types can be combined with the ability both to execute them via an efficient λProlog implementation, and to reason about them using logics and systems meant for analyzing hohh descriptions [2, 7, 10, 14].

A partial answer to the question raised above has been provided by Felty, who described a translation of LF specifications to hohh formulas and then showed that LF derivations correspond exactly to hohh derivations of the translated LF judgment [5, 6]. The focus on matching derivations allows Felty to assume the existence of a complete LF judgment, and, in particular, of an LF object in her translation. However, this assumption is inappropriate in our context, given that we are interested in constructing proof terms that show particular types are inhabited, i.e., in proof search that plays a fundamental role in the logic programming setting. We therefore refine the earlier mapping to remove this assumption and show that the resulting translation preserves derivability in a sense relevant to the logic programming interpretation; an important part of our proof is showing how to extract an LF object satisfying a type from a derivation constructed using the hohh version of the specification. Our first encoding may include redundant type-checking judgments which obscure the translated specification and can result in poor execution behavior. We design conditions for eliminating some of these judgments, resulting in an improved translation that corresponds closely to the intention of the original LF specification. This part of our work relies on an analysis of the structure of LF expressions and also has relevance, for example, to providing compact representations of proof terms. Finally, we demonstrate that the execution of the translated form by means of the Teyjus implementation [9] of λProlog [16] provides an effective means for animating Twelf programs.

In the next two sections, we describe a relevant fragment of the hohh logic and the Twelf specification language. Section 4 then presents our first translation. In the following section, we describe and exploit a property of LF expressions and type-checking to refine the earlier translation, producing a more efficient and transparent version. Section 6 provides experimental data towards supporting the use of this translation as a means for executing Twelf programs. We conclude the paper with a discussion of related work and possible future directions. This work has been developed in [24]; we refer the reader to that document for complete proofs and more detailed discussions.

2. A Higher-Order Predicate Logic for Describing Computations

The logic of hohh formulas is based on an intuitionistic version of Church's simple theory of types. Both logics are built over a typed form of the λ-calculus. The types are constructed using $\to$, the infix, right associative function type constructor, starting from a finite collection of atomic types that includes $o$, the type of propositions, and at least one other type.¹ We assume that we are given sets of variables and constants, each with an associated type. The full collection of (typed) terms is generated from these by the usual abstraction and (left associative) application operators. Terms that differ only in the names of their bound variables are not distinguished. We further assume a notion of equality between terms that is generated by β- and η-reduction. It is well-known that every term has a unique normal form under these reduction operations in this simply-typed setting. All terms are to be converted into such a form prior to their consideration in any context. We write $t[s_1/x_1, \ldots, s_n/x_n]$ to denote the result of simultaneously replacing the variables $x_1, \ldots, x_n$ with the terms $s_1, \ldots, s_n$ in the term $t$, renaming bound variables as needed to avoid accidental capture. This substitution operation is defined only when $s_i$ and $x_i$ are of the same type for $1 \le i \le n$.

We will use only a fragment of the full hohh logic here; this fragment still possesses the proof-theoretic properties that are fundamental to the logic programming interpretation of the hohh logic. The constants from which terms are constructed are differentiated into nonlogical ones that constitute a signature and logical ones. We do not permit $o$ to appear in the type of the arguments of nonlogical constants and variables. The logical constants are restricted to $\top$ of type $o$, $\supset$ of type $o \to o \to o$ that is written in the customary infix form and, for each type $\alpha$, $\Pi$ of type $(\alpha \to o) \to o$. $\Pi$ represents the universal quantifier as a function over sets. We abbreviate $\Pi\,(\lambda x.F)$ by $\forall x.F$. An atomic formula, denoted by $A$, is a term of type $o$ of the form $p\ t_1 \ldots t_n$ where $p$ is a nonlogical constant. The logic of interest is characterized by two collections of terms called $G$- and $D$-formulas that are defined mutually recursively by the following syntax rules:

$$G ::= \top \mid A \mid D \supset G \mid \forall x.G$$
$$D ::= A \mid G \supset D \mid \forall x.D$$

A specification or logic program is a finite collection of closed $D$-formulas that are also called program clauses and a goal or a query is a closed $G$-formula.

Computation corresponds to searching for a derivation of a sequent of the form $\Sigma; \Gamma \longrightarrow G$ where $\Sigma$ is the initial (language) signature, $\Gamma$ is a logic program and $G$ is a goal. Figure 1 presents the rules for constructing such a derivation. Read in a proof search direction, the $\forall R$ rule leads to an expansion of the signature in the sequent whose derivation is sought and the $\supset R$ rule similarly causes an addition to the logic program. The expression "$t$ is a $\Sigma$-term" in the $\forall L$ rule means that $t$ is a closed term all of whose nonlogical constants are contained in $\Sigma$. The derivation rules manifest a goal-directed character: to find a derivation for $\Sigma; \Gamma \longrightarrow G$, we simplify $G$ based on its logical structure and then use the decide rule to select a formula from the logic program for solving an atomic goal. Notice also that the decide rule initiates the consideration of a focused sequence of rules that is similar to backchaining.² In particular, if the formula selected from $\Gamma$ has the structure

$$\forall x_1.(F_1 \supset \ldots \supset \forall x_n.(F_n \supset A') \ldots)$$

then this sequence is equivalent to the rule

$$\frac{\Sigma;\Gamma \longrightarrow F_1' \quad \ldots \quad \Sigma;\Gamma \longrightarrow F_n'}{\Sigma;\Gamma \longrightarrow A}\ \text{backchain}$$

which has the proviso that for some $\Sigma$-terms $t_1, \ldots, t_n$ that have the same types as $x_1, \ldots, x_n$, respectively, it is the case that $A$ is equal to $A'[t_1/x_1, \ldots, t_n/x_n]$ and, for $1 \le i \le n$, $F_i'$ is equal to $F_i[t_1/x_1, \ldots, t_i/x_i]$.

The logic that we have described has been given an efficient implementation in the Teyjus system [9]. It is possible also to reason in sophisticated ways about specifications that are constructed using it. To begin with, the logic has strong meta-theoretic properties arising from the fact that derivability in it corresponds exactly to intuitionistic provability. Moreover, it is possible to construct logics incorporating mechanisms such as induction to reason powerfully about what does and does not follow from a given specification [1, 8, 10, 14]. In fact, systems such as Abella [7] and Tac [2] have been constructed to provide computer support for such reasoning.

3. Logic Programming Using the Twelf Specification Language

There are three categories of expressions in LF: kinds, types or type families that are classified by kinds, and objects or terms that are classified by types. We assume two denumerable sets of variables, one for objects and the other for types. We use $x$ and $y$ to denote object variables, $u$ and $v$ to denote type variables and $w$ to denote either. Letting $K$ range over kinds, $A$ and $B$ over types, and $M$ and $N$ over object terms, the syntax of LF expressions is given by the following rules:

$$K ::= \mathit{Type} \mid \Pi x{:}A.K$$
$$A ::= u \mid \Pi x{:}A.B \mid \lambda x{:}A.B \mid A\ M$$
$$M ::= x \mid \lambda x{:}A.M \mid M\ N$$

Expressions of any of these kinds will be denoted by $P$ and $Q$. Here, $\Pi$ and $\lambda$ are operators that associate a type with a variable and bind its free occurrences over the expression after the period. Terms that differ only in the names of bound variables are identified. As with the hohh logic, $P[N_1/x_1, \ldots, N_n/x_n]$ denotes a simultaneous substitution with renaming to avoid variable capture. We write $A \to P$ for $\Pi x{:}A.P$ when $x$ does not appear free in $P$. We abbreviate $\Pi x_1{:}A_1. \ldots \Pi x_n{:}A_n.P$ by $\Pi \bar{x}{:}\bar{A}.P$.

¹ Other, non-interpreted type constructors can be added but are not discussed here for simplicity.

² For the reader unfamiliar with such presentations, the expression $\Sigma;\Gamma \xrightarrow{D} A$ corresponds essentially to the selection of the program clause $D$ as the one to backchain on. This then leads to instantiations of universally quantified variables and to the solution of the "body" goals of the clause using the rules $\forall L$ and $\supset L$, culminating eventually in solving the atomic goal by matching it with the head of the clause using the init rule.

Figure 1. Derivation rules for the hohh logic:

$$\frac{}{\Sigma;\Gamma \longrightarrow \top}\ \top R \qquad \frac{\Sigma;\Gamma \cup \{D\} \longrightarrow G}{\Sigma;\Gamma \longrightarrow D \supset G}\ {\supset}R \qquad \frac{c \notin \Sigma \quad \Sigma \cup \{c\};\Gamma \longrightarrow G[c/x]}{\Sigma;\Gamma \longrightarrow \forall x.G}\ \forall R$$

$$\frac{D \in \Gamma \quad \Sigma;\Gamma \xrightarrow{D} A}{\Sigma;\Gamma \longrightarrow A}\ \text{decide} \qquad \frac{}{\Sigma;\Gamma \xrightarrow{A} A}\ \text{init}$$

$$\frac{t \text{ is a } \Sigma\text{-term} \quad \Sigma;\Gamma \xrightarrow{D[t/x]} A}{\Sigma;\Gamma \xrightarrow{\forall x.D} A}\ \forall L \qquad \frac{\Sigma;\Gamma \longrightarrow G \quad \Sigma;\Gamma \xrightarrow{D} A}{\Sigma;\Gamma \xrightarrow{G \supset D} A}\ {\supset}L$$

LF expressions are equipped with a notion of β-reduction defined through the rule $(\lambda x{:}A.P)\ N \to_\beta P[N/x]$. All LF expressions that are well-formed in the sense formalized below normalize strongly under this reduction relation [11]. Moreover any well-typed expression $P$ has a unique normal form up to changes in bound variable names. We denote this normal form by $P^\beta$.

The type correctness of LF expressions is assessed relative to contexts that are finite collections of assignments of types and kinds to variables. Formally, contexts, denoted by $\Gamma$, are given by the rule

$$\Gamma ::= \cdot \mid \Gamma, u{:}K \mid \Gamma, x{:}A$$

Here, $\cdot$ denotes the empty collection. We write $\mathit{dom}(\Gamma)$ to denote the variables with assignments in $\Gamma$. We are concerned with assertions of the following four forms:

$$\vdash \Gamma\ \mathit{ctx} \qquad \Gamma \vdash K\ \mathit{kind} \qquad \Gamma \vdash A : K \qquad \Gamma \vdash M : A$$



The first assertion signifies that $\Gamma$ is a well-formed context. The remaining assertions mean respectively that, relative to a (well-formed) context $\Gamma$, $K$ is a well-formed kind, $A$ is a well-formed type of kind $K$ and $M$ is a well-formed object of type $A$. Figure 2 presents the rules for deriving such assertions. Notice that for a context to be well-formed it must not contain multiple assignments to the same variable. To adhere to this requirement, bound variable renaming may be entailed in the use of the pi-kind, pi-fam, abs-fam and abs-obj rules. The inference rules allow for the derivation of an assertion of the form $\Gamma \vdash M : A$ only when $A$ is in normal form. To verify such an assertion when $A$ is not in normal form, we first derive $\Gamma \vdash A : \mathit{Type}$ and then verify $\Gamma \vdash M : A^\beta$. A similar observation applies to $\Gamma \vdash A : K$.

A variable $w$ that appears in an LF expression $P$ that is well-formed with respect to a context $\Gamma$ has a kind or type of kind $\mathit{Type}$ associated with it through either an assignment in $\Gamma$ or a binding operator. Moreover, the normal form of this kind or type must have a prefix of $\Pi$s. If the length of this prefix is $n$, then an occurrence of $w$ is fully applied if it appears in a subterm of the form $w\ M_1 \ldots M_n$. Further, $P$ is canonical with respect to $\Gamma$ if it is in normal form and if every variable occurrence in it is fully applied. A well-formed context $\Gamma$ is canonical if the type or kind it assigns to each variable is canonical relative to $\Gamma$. A well-formed type of the form $u\ M_1 \ldots M_n$ that is fully applied is called a base type. The LF system admits a notion of η-expansion using which any well-formed expression can be converted into a canonical form.

In later sections we shall consider LF derivations in which all expressions in the end assertion are in normal form. Notice that every expression in the entire derivation must then also be in such a form. This in turn means that in judgments of the forms $(\lambda x{:}A.B) : (\Pi x{:}A'.K)$ and $(\lambda x{:}A.M) : (\Pi x{:}A'.B)$ it must be the case that $A$ and $A'$ are identical. Finally, normalization need not be considered in the use of the var-fam and var-obj rules.

The following "transitivity" property for LF derivations that follows easily from the results in [11] will be useful later; here $\alpha$ stands for any judgment, and substitution and normalization over $\alpha$ and $\Gamma$ corresponds to distributing these operations to the expressions appearing in them.

Proposition 1 (Substitution). Let $\Gamma_1, \Gamma_2$ be canonical contexts, and $A$ be a type in canonical form. If $\Gamma_1 \vdash M : A$ has a derivation, and $\Gamma_1, x{:}A, \Gamma_2 \vdash \alpha$ has a derivation, then $\Gamma_1, (\Gamma_2[M/x])^\beta \vdash (\alpha[M/x])^\beta$ has a derivation as well.

Additionally we will use a second property of LF derivations, which follows from Proposition 1.

Proposition 2 (Renaming). Let $P$ be a canonical type or kind, $\Gamma = \Gamma_1, x{:}P, \Gamma_2$ be a canonical context, and $\alpha$ a canonical judgment. Let $y$ be a variable not bound in $\Gamma$, and not occurring in $\alpha$. Then $\Gamma_1, x{:}P, \Gamma_2 \vdash \alpha$ has a derivation if and only if $\Gamma_1, y{:}P, \Gamma_2[y/x] \vdash \alpha[y/x]$ has one.

The logic programming interpretation of LF is based on viewing types as formulas. More specifically, a specification or program in this setting is given by a context. This starting context, also called a signature, essentially describes the vocabulary for constructing types and asserts the existence of particular inhabitants for some of these types. Against this backdrop, questions can be asked about the existence of inhabitants for certain other types. Formally, this amounts to asking if an assertion of the form $\Gamma \vdash M : A$ has a derivation. However, the object $M$ is left unspecified — it is to be extracted from a successful derivation. Thus, the search for a derivation of the assertion is driven by the structure of $A$ and the types available from the context.

A concrete illustration of the paradigm is useful for later discussions.³ Consider a signature or context Γ comprising the following assignments in sequence:

nat : Type
z : nat
s : nat → nat
list : Type
nil : list
cons : nat → list → list
append : list → list → list → Type
appNil : ΠK:list. append nil K K
appCons : ΠX:nat. ΠL:list. ΠK:list. ΠM:list. (append L K M) → (append (cons X L) K (cons X M))

We can ask if there is some term M such that the judgment

Γ ⊢ M : append (cons z nil) (cons (s z) nil) (cons z (cons (s z) nil))

is derivable. Assuming that Γ is given by the ambient environment, such a query can be posed in Twelf simply by presenting the type expression. The logic programming interpreter of Twelf will find that the proof term

appCons z nil (cons (s z) nil) (cons (s z) nil) (appNil (cons (s z) nil))

inhabits this type and hence will succeed on the query. In reaching this conclusion, the interpreter will use the types involving append that are present in Γ. Further it will do this in a way that bears a close resemblance to the use of clauses in a Prolog-like setting, interpreting Π like a universal quantifier and → like an implication. The simple example we have considered here will suffice to illustrate most of the later ideas in this paper but it does not bring out the richness of dependent types in specifications. We leave this demonstration to the many discussions already in the literature. We also note that Twelf has many additional features like allowing Π quantification in types to be left implicit and permitting instantiatable variables in queries whose values are to be found through unification. While these aspects are treated in our implementation, to keep the theoretical discussions focused, we shall assume that the only capability that is to be emulated is that of determining the derivability of an assertion of the form Γ ⊢ M : A in which Γ and A are in canonical form (and M is left unspecified). This assumption is easily justified: these will be "type-checked" prior to conducting a search and the Twelf system assumes equality under η-conversion.

³ The example of appending lists has been chosen here for its conciseness and because it allows for an easy connection with more traditional forms of logic programming. The primary application domain of Twelf is in specifying (and reasoning about) formal systems such as evaluators and interpreters for languages, type assignment calculi and proof systems. This orientation informs the choice of benchmarks used in Section 6.

Figure 2. Rules for inferring LF assertions:

$$\frac{}{\vdash \cdot\ \mathit{ctx}}\ \text{null-ctx} \qquad \frac{\Gamma \vdash K\ \mathit{kind} \quad \vdash \Gamma\ \mathit{ctx} \quad u \notin \mathit{dom}(\Gamma)}{\vdash \Gamma, u{:}K\ \mathit{ctx}}\ \text{kind-ctx} \qquad \frac{\Gamma \vdash A : \mathit{Type} \quad \vdash \Gamma\ \mathit{ctx} \quad x \notin \mathit{dom}(\Gamma)}{\vdash \Gamma, x{:}A\ \mathit{ctx}}\ \text{type-ctx}$$

$$\frac{\vdash \Gamma\ \mathit{ctx}}{\Gamma \vdash \mathit{Type}\ \mathit{kind}}\ \text{type-kind} \qquad \frac{\Gamma \vdash A : \mathit{Type} \quad \Gamma, x{:}A \vdash K\ \mathit{kind}}{\Gamma \vdash \Pi x{:}A.K\ \mathit{kind}}\ \text{pi-kind}$$

$$\frac{\vdash \Gamma\ \mathit{ctx} \quad u{:}K \in \Gamma}{\Gamma \vdash u : K^\beta}\ \text{var-fam} \qquad \frac{\vdash \Gamma\ \mathit{ctx} \quad x{:}A \in \Gamma}{\Gamma \vdash x : A^\beta}\ \text{var-obj}$$

$$\frac{\Gamma \vdash A : \mathit{Type} \quad \Gamma, x{:}A \vdash B : \mathit{Type}}{\Gamma \vdash (\Pi x{:}A.B) : \mathit{Type}}\ \text{pi-fam}$$

$$\frac{\Gamma \vdash A : \mathit{Type} \quad \Gamma, x{:}A \vdash B : K}{\Gamma \vdash (\lambda x{:}A.B) : (\Pi x{:}A^\beta.K)}\ \text{abs-fam} \qquad \frac{\Gamma \vdash A : \mathit{Type} \quad \Gamma, x{:}A \vdash M : B}{\Gamma \vdash (\lambda x{:}A.M) : (\Pi x{:}A^\beta.B)}\ \text{abs-obj}$$

$$\frac{\Gamma \vdash A : \Pi x{:}B.K \quad \Gamma \vdash M : B}{\Gamma \vdash (A\ M) : (K[M/x])^\beta}\ \text{app-fam} \qquad \frac{\Gamma \vdash M : \Pi x{:}A.B \quad \Gamma \vdash N : A}{\Gamma \vdash (M\ N) : (B[N/x])^\beta}\ \text{app-obj}$$



4. From Twelf Specifications to Predicate Formulas

Felty has previously shown how to translate LF specifications and judgments into hohh formulas [5, 6]. Her translation proceeds in two steps. First, she describes a coarse mapping of LF expressions into (simply typed) λ-terms. This mapping loses information about dependencies in types and kinds and also does not reflect the correspondences between objects and types and types and kinds. These relationships are encoded later through binary predicates over λ-terms.

The general structure of Felty's translation is applicable in the context of interest to us. However, the details of her mapping do not quite fit our needs because of her focus on derivations in the LF and hohh logics. One manifestation of this is that her translation is not based exclusively on types, but assumes also the availability of the objects they are intended to qualify. This is not acceptable in the context of proof search where the task is precisely to determine the existence of those objects: we need a translation that is only based on the type, and which can be applied to an hohh metavariable to correspond to an LF query whose object is left unspecified as a metavariable. A second manifestation is that her correctness result only states an equivalence between LF derivability and hohh derivability for known LF assertions, and does not consider, for example, whether it is possible for non-canonical or ill-formed objects to be produced in the course of searching for proofs from the hohh specification. In contrast, our completeness result will guarantee that after running a query with a metavariable standing for the (encoding of the) object, the only possible instantiations of that metavariable are actual encodings of terms.

The first step towards producing a translation into hohh that can be used to interpret Twelf specifications is to adapt Felty's translation in a way that makes it acceptable in logic programming discussions. Our translation shall only account for judgments of the form Γ ⊢ M : A since these are the only ones of interest in the logic programming setting described in the previous section. The adequacy of this restriction actually relies on an auxiliary, easily verified, fact: if Γ ⊢ A : Type is known to have a derivation and the last rule in a purported derivation of Γ ⊢ M : A is an abs-obj, then the left premise for the latter derivation must have a proof and hence does not need to be encoded by the translation.

Figure 3. Encoding of types, objects, and simplified translation of LF judgments to hohh:

$$\phi(A) := \mathit{lf\text{-}obj} \text{ when } A \text{ is a base type} \qquad \phi(\Pi x{:}A.P) := \phi(A) \to \phi(P) \qquad \phi(\mathit{Type}) := \mathit{lf\text{-}type}$$

$$\langle u\ M_1 \ldots M_n \rangle := u\ \langle M_1 \rangle \ldots \langle M_n \rangle \qquad \langle x\ M_1 \ldots M_n \rangle := x\ \langle M_1 \rangle \ldots \langle M_n \rangle \qquad \langle \lambda x{:}A.M \rangle := \lambda^{\phi(A)} x.\langle M \rangle$$

$$\llbracket \Pi x{:}A.B \rrbracket := \lambda M.\ \forall x.\ (\llbracket A \rrbracket\ x) \supset (\llbracket B \rrbracket\ (M\ x))$$

$$\llbracket A \rrbracket := \lambda M.\ \mathit{hastype}\ M\ \langle A \rangle \text{ where } A \text{ is a base type}$$

Figure 4. Simple translation of the LF specification for append:

hastype z nat
∀n. hastype n nat ⊃ hastype (s n) nat
hastype nil list
∀n. hastype n nat ⊃ ∀l. hastype l list ⊃ hastype (cons n l) list
∀l. hastype l list ⊃ hastype (appNil l) (append nil l l)
∀x. hastype x nat ⊃ ∀l. hastype l list ⊃ ∀k. hastype k list ⊃ ∀m. hastype m list ⊃ ∀a. hastype a (append l k m) ⊃ hastype (appCons x l k m a) (append (cons x l) k (cons x m))

Our translation is presented in Figure 3. This translation first encodes LF objects and types in hohh terms by dropping a lot of typing information; as mentioned already, this information will be recovered later in the encoding of LF judgments. Under this translation, an object (type) of type (kind) $P$ is represented by an hohh term of simple type $\phi(P)$, built from the atomic types lf-type and lf-obj. The encoding of an object or base type $Q$ is then given by $\langle Q \rangle$; note that in the process we assume a reuse of (LF) variable names with an appropriate type as part of the corresponding hohh signature. As an example, the LF signature at the end of the last section leads to the following hohh signature:

nat : lf-type
z : lf-obj
s : lf-obj → lf-obj
list : lf-type
nil : lf-obj
cons : lf-obj → lf-obj → lf-obj
append : lf-obj → lf-obj → lf-obj → lf-type
appNil : lf-obj → lf-obj
appCons : lf-obj → lf-obj → lf-obj → lf-obj → lf-obj → lf-obj

Further, the LF type append nil nil nil gets translated to the same term in hohh, where it has type lf-type. This translation behaves well with respect to substitution and β-conversion, and is injective for objects (types) of the same type (kind). Finally, we take up the translation of LF type assignments and judgments in the last two clauses in Figure 3. To emphasize reliance only on the structure of types, these clauses describe explicitly only the translation of an LF type $A$. Such a type is mapped into an hohh predicate denoted by $\llbracket A \rrbracket$ that, intuitively, codifies the property of being a translation of an LF object of type $A$. This translation is defined on all canonical types and uses the hohh predicate hastype of type lf-obj → lf-type → o. If $A$ is a base type, $\llbracket \Pi x_1{:}B_1. \ldots \Pi x_n{:}B_n.A \rrbracket$ has type $\tau \to o$ where $\tau$ is lf-obj → … → lf-obj → lf-obj with $n$ negative occurrences of lf-obj. Once the translation of LF types is in place, we define $\llbracket M : A \rrbracket$ derivatively to be $(\llbracket A \rrbracket\ \langle M \rangle)$.

Twelf specifications are encoded by dropping all kind assignments and translating each type assignment they contain. As an example, the Twelf specification of append translates into the clauses in Figure 4. From these clauses, we can, for example, derive the goal hastype (cons (s z) nil) list and we could search for terms X satisfying the goal

hastype X (append (cons z nil) (cons (s z) nil) (cons z (cons (s z) nil))).

Let $\Gamma'$ be the translation of an LF context $\Gamma$ and $\alpha'$ be the translation of the LF judgment $\alpha$. These translations are based on an implicit hohh signature $\Sigma$. In the case that all the free variables in $\alpha$ belong to $\mathit{dom}(\Gamma)$, then, in fact, $\Sigma$ consists of an isomorphic copy of the symbols in $\mathit{dom}(\Gamma)$. Henceforth, we shall assume $\Sigma$ to be just such an hohh signature and we shall write $\Gamma' \longrightarrow \alpha'$ as a shorthand for $\Sigma; \Gamma' \longrightarrow \alpha'$. The correctness of the (simple) translation is then the content of the following theorem.

Theorem 1. Let $\Gamma$ be a well-formed canonical LF context and let $A$ be a canonical LF type such that $\Gamma \vdash A : \mathit{Type}$ has a derivation. If $\Gamma \vdash M : A$ has a derivation for a canonical object $M$, then there is a derivation of $\llbracket \Gamma \rrbracket \longrightarrow \llbracket M : A \rrbracket$. Conversely, if $\llbracket \Gamma \rrbracket \longrightarrow (\llbracket A \rrbracket\ M)$ has a derivation for any hohh term $M$ of appropriate type, then there is a canonical LF object $M'$ such that $M = \langle M' \rangle$ and $\Gamma \vdash M' : A$ has a derivation.

Proof outline. Completeness can be proved by a simple induction on the LF derivation, building an hohh derivation that mimics its structure. Soundness is more involved: we proceed by induction on the hohh derivation, gradually recovering the structure of $M'$, maintaining the derivability of $\Gamma \vdash A : \mathit{Type}$ that allows us to build an LF derivation even in the case that abs-obj was the last rule used. The detailed proof is presented in Appendix A.

The simple translation presented in this section cannot be the basis of a practical implementation of logic programming in LF. Proof search using a program it produces may involve repeatedly proving goals of the form hastype M A for (encodings of) the same object M and type A. This can be seen from the example in Figure 4: at every step of deriving an instance of append, the lists must be checked to be well-typed, which artificially introduces a quadratic complexity. An important point to note, however, is that this redundancy in "type-checking" is not easily detectable from the hohh program that is generated. Rather, it must be determined, and shown to be safely eliminable, based on deeper properties of LF terms. It is this issue that we take up in the next section.

Figure 5. Rigidly occurring variables in types and objects

5. An Improved Translation of Twelf Specifications

In order to make the translation of LF specifications into hohh practical from an implementation standpoint, we make two optimizations.

The first, and main, optimization exploits the fact that we are considering derivations of the form Γ ⊢ M : A where Γ and A have already been type-checked. For example, we may be wanting to determine whether the LF type

append (cons z nil) nil (cons z nil)

is inhabited. Before attempting to do this, we would have already determined that append (cons z nil) nil (cons z nil) is a valid type, which means, for instance, that we would have checked that (cons z nil) is a valid object of type list. Therefore, there is no need to show again that (cons z nil) has this property in the course of searching for an inhabitant of the displayed type. Our optimized translation takes advantage of this kind of observation by statically removing some run-time checking from the translation of LF typing. More specifically, our optimization is based on the following idea. Suppose we can determine that, for a particular $i$, $t_i$ must always appear in the type $(A[t_1/x_1, \ldots, t_n/x_n])$. Then the translation of the type $\Pi x_1{:}B_1. \ldots \Pi x_n{:}B_n.A$ does not need to include explicit type-checking over the instantiation of $x_i$. We characterize some of these cases by using the notion of a rigid occurrence of $x_i$ in $A$ that is expressed formally through the judgment $\bar{x}; x_i \subset A$ defined by the rules in Figure 5; the rules $\text{app}_t$ and $\text{pi}_t$ in this figure act on LF types, and the rules $\text{init}_o$, $\text{app}_o$ and $\text{abs}_o$ act on LF objects. We shall allow type checking over instantiations of rigid variables to be eliminated from the simple translation. By doing so, we shall both reap an efficiency benefit and also make the result of translation correspond more closely to the original LF type.

The second optimization is more transparent, not depending on deep properties of dependent types. The essential observation is the following. Instead of producing predicates of the form

hastype X (append L K M)

and hastype L list, we can specialize them to append X L K M and list L. This results in a hohh program that is much clearer, and more closely related to the original LF specification. Moreover, this simple transformation can also lead to better performance in a logic programming setting because it allows for the exploitation of a common optimization, namely, the indexing on a predicate name that speeds up the determination of candidate clauses on which to backchain.

The improved translation that uses these two ideas is presented in Figure 6. The $\llbracket\cdot\rrbracket^+$ translation is used on type assignments appearing negatively (notably context items) and $\llbracket\cdot\rrbracket^-$ on positive typing judgments (notably the conclusion of LF assertions). As before, that translation is entirely guided by the type, and defined for all canonical types. We shall use the notation $\llbracket M : A\rrbracket^-$ for $(\llbracket A\rrbracket^-\langle M\rangle)$, and define $\llbracket\Gamma\rrbracket^+$ as the result of applying $\llbracket\cdot\rrbracket^+$ to each context item, dropping kind assignments. Note that instead of replacing unnecessary typing judgments with $\top$ we could simply elide them altogether; we use $\top$ as a placeholder because it simplifies later proofs. This translation is illustrated by its application to the example Twelf specification considered in Section 3 that yields the clauses shown in Figure 7. These clauses should be contrasted with the ones in Figure 4 that are produced by the earlier, naive translation.

We shall now establish the correctness of the optimized translation. We first prove a fundamental lemma concerning rigidly occurring variables, that is in fact an observation about LF: for an LF base type $A$, if we have derivations of
\[
\Gamma \vdash \Pi x_1{:}B_1.\ldots\Pi x_n{:}B_n.A : \mathit{Type}
\qquad\text{and}\qquad
\Gamma \vdash A[t_1/x_1 \ldots t_n/x_n] : \mathit{Type}
\]
and there is a rigid occurrence of $x_i$ in $A$, i.e., $\bar{x}; x_i \sqsubset_t A$ has a derivation, then $\Gamma \vdash t_i : B_i[t_1/x_1 \ldots t_{i-1}/x_{i-1}]$ has a derivation. The idea of the proof is as follows. The judgment $\bar{x}; x_i \sqsubset_t A$ gives a path in $A$ that leads to $x_i$, and this path can never be erased by the considered substitution; following this path simultaneously in the two LF derivations, one eventually finds on one side a derivation of $\Gamma \vdash x_i : B_i$ and on the other side the expected derivation of
\[
\Gamma \vdash t_i : B_i[t_1/x_1, \ldots, t_{i-1}/x_{i-1}].
\]

In order to be able to use this observation in our correctness ar- 
gument, we formulate a stronger, rather technical lemma that deals 
directly with encoded types that are the result of instantiations of 
(a priori) arbitrary hohh terms, and ensures that discovered hohh 
terms are in fact encodings of LP objects. These technical details 
concerning encodings are tedious but shallow, and the essential 
structure of the proof follows the lines sketched above. 

Definition 1. Let $\bar{t}$ be a vector of hohh terms, and $\bar{x}$ a vector of variables of the same length. If $M$ and $N$ are LF objects, then we write $(M \sim N)[t_1/x_1 \ldots t_n/x_n]$ when
\[
\langle M\rangle = \langle N\rangle[t_1/x_1 \ldots t_n/x_n].
\]
For LF types $A$ and $B$, we write $(A \sim B)[t_1/x_1 \ldots t_n/x_n]$ when the two types are equal up to $(\cdot \sim \cdot)[t_1/x_1 \ldots t_n/x_n]$ on objects within. Finally we extend this notion to contexts of the same length by pushing it down to the types bound by the context. We shall omit $\bar{t}$ and $\bar{x}$ when they are obvious from the context, simply writing

Lemma 1. Let $\bar{t}$ be a vector of hohh terms, $\bar{x}$ a vector of variables, and $\bar{B}$ a vector of canonical LF types, all of the same length, such that $t_j = \langle t'_j\rangle$ for $j < i$. Let $\Gamma_0 = x_1 : B_1, \ldots, x_n : B_n$.

1. Let $\Gamma$ and $\Delta$ be LF contexts, $M$ an LF object and $A$ a type, all being assumed canonical. Let $\bar{\delta}$ be $\mathit{dom}(\Delta)$. Suppose that there are derivations of $\bar{x}; \bar{\delta}; x_i \sqsubset_o M$ and $\Gamma, \Gamma_0, \Delta \vdash M : A$ and $\Gamma, \Delta' \vdash M' : A'$, with $\Delta' \sim \Delta$, $M' \sim M$ and $A' \sim A$. Then $t_i$ is of the form $\langle t'_i\rangle$ and there is a derivation of $\Gamma \vdash t'_i : B_i[t'_1/x_1, \ldots, t'_{i-1}/x_{i-1}]$.

2. Let $\Pi\bar{x}{:}\bar{B}.A$ be a canonical type, where $A$ is a base type. Suppose that $\Gamma \vdash \Pi\bar{x}{:}\bar{B}.A : \mathit{Type}$ and $\bar{x}; x_i \sqsubset_t A$ have derivations. Further, for some $A'$ such that $A' \sim A$, suppose that $\Gamma \vdash A' : \mathit{Type}$ has a derivation. Then $t_i = \langle t'_i\rangle$ and there is a derivation of $\Gamma \vdash t'_i : B_i[t'_1/x_1, \ldots, t'_{i-1}/x_{i-1}]$.

Figure 6. Optimized translation of LF specifications and judgments to hohh

Figure 7. Optimized translation of the LF specification for append

Proof. We prove part (1) by induction on the structure of the derivation of $\bar{x}; \bar{\delta}; x_i \sqsubset_o M$. In the argument below, we let $\mathcal{D}$ be the derivation of $\Gamma, \Gamma_0, \Delta \vdash M : A$, and $\mathcal{D}'$ be the derivation of
\[
\Gamma, \Delta' \vdash M' : A'.
\]

• In the base case of $\mathit{init}_o$, $M = x_i\ \bar{y}$ where $\bar{y}$ are distinct bound variables from $\bar{\delta}$. The derivation $\mathcal{D}$ must consist of $n$ app-obj rules and a var-obj rule on $x_i$, whose type $B_i$ must be of the form $\Pi\bar{z}{:}\bar{C}.D$, with $A = D[\bar{y}/\bar{z}]$. Note that, because the variables $y_i$ are distinct bound variables that are fresh with respect to $D$, this substitution can be inverted, and we thus have $A[\bar{z}/\bar{y}] = D$. The other subderivations of the chain of app-obj applications are instances of var-obj establishing $y_j : C_j[\bar{y}/\bar{z}]$, hence $(y_j : C'_j[\bar{y}/\bar{z}]) \in \Delta'$ for $C'_j \sim C_j$. We next determine $t'_i$. By $\eta$-equivalence we can assume that $t_i$ is of the form $\lambda z_1 \ldots \lambda z_n.u$. We have
\[
\langle M'\rangle = t_i\ \bar{y} = u[\bar{y}/\bar{z}],
\]
hence $u = \langle M'\rangle[\bar{z}/\bar{y}] = \langle M'[\bar{z}/\bar{y}]\rangle$. Let $u' = M'[\bar{z}/\bar{y}]$ and $t'_i = \lambda\bar{z}{:}\bar{C}'.u'$. We have
\[
\langle t'_i\rangle = \lambda z_1 \ldots \lambda z_n.\langle M'\rangle[\bar{z}/\bar{y}] = \lambda z_1 \ldots \lambda z_n.u = t_i.
\]
We know that $\mathcal{D}'$ derives $\Gamma, \Delta' \vdash M' : A'$. From this we obtain a derivation of
\[
\Gamma, \Delta'[\bar{z}/\bar{y}] \vdash u' : A'[\bar{z}/\bar{y}]
\]
by renaming variables $\bar{y}$ into $\bar{z}$, employing Proposition 2. The context $\Delta'[\bar{z}/\bar{y}]$ contains assignments $(z_i : C'_i)$ and the other variables in its domain do not occur in $u'$ nor $A'[\bar{z}/\bar{y}]$ (since $A' \sim A$, $A = D[\bar{y}/\bar{z}]$ and $D$ is a subterm of $B_i$ which cannot contain any $y_i$). We then have
\[
\Gamma \vdash (\lambda\bar{z}{:}\bar{C}'.u') : (\Pi\bar{z}{:}\bar{C}'.A'[\bar{z}/\bar{y}])
\]
by weakening unused variables and using abs-obj to introduce the variables $\bar{z}$. This is a typing derivation for $t'_i$; we must now show that the associated type is actually the expected one. We have $\langle A\rangle[t_1/x_1 \ldots t_n/x_n] = \langle A[t'_1/x_1 \ldots t'_{i-1}/x_{i-1}]\rangle$ and $A' \sim A$, from which we obtain, by injectivity of $\langle\cdot\rangle$, that $A' = A[t'_1/x_1 \ldots t'_{i-1}/x_{i-1}]$. The same goes for $C'_i$ and $C_i$. Since $B_i = \Pi\bar{z}{:}\bar{C}.A[\bar{z}/\bar{y}]$, and the substitutions $[t'_1/x_1 \ldots t'_{i-1}/x_{i-1}]$ and $[\bar{z}/\bar{y}]$ permute, we have:
\[
\Pi\bar{z}{:}\bar{C}'.A'[\bar{z}/\bar{y}] = B_i[t'_1/x_1 \ldots t'_{i-1}/x_{i-1}].
\]

• In the $\mathit{abs}_o$ case, we have $M = \lambda y{:}A_1.N$ and $\mathcal{D}$ ends with the abs-obj rule as follows:
\[
\frac{\Gamma, \Gamma_0, \Delta \vdash A_1 : \mathit{Type} \qquad \Gamma, \Gamma_0, \Delta, y : A_1 \vdash N : A_2}{\Gamma, \Gamma_0, \Delta \vdash (\lambda y{:}A_1.N) : (\Pi y{:}A_1.A_2)}
\]
Then $A' \sim \Pi y{:}A_1.A_2$, and hence $A'$ must be of the form $\Pi y{:}A'_1.A'_2$ where $A'_1 \sim A_1$. Similarly, we obtain that $M'$ is of the form $\lambda y{:}A'_1.N'$ with $N' \sim N$. Then, $\mathcal{D}'$ must contain a derivation of
\[
\Gamma, \Delta', y : A'_1 \vdash N' : A'_2,
\]
and we conclude by the inductive hypothesis.

• In the $\mathit{app}_o$ case, we have $M = y\ N_1 \ldots N_m$, $y \notin \bar{x}$ and $\bar{x}; \bar{\delta}; x_i \sqsubset_o N_j$. Let $\Pi z_1{:}C_1.\ldots\Pi z_m{:}C_m.D$ be the type of $y$ in $(\Gamma, \Delta)$. The derivation $\mathcal{D}$ starts with a chain of app-obj applications, followed by var-obj on $y$. The premise corresponding to $N_j$ establishes that
\[
\Gamma, \Gamma_0, \Delta \vdash N_j : C_j[N_1/z_1, \ldots, N_{j-1}/z_{j-1}].
\]
In $(\Gamma, \Delta')$, the variable $y$ is assigned the type $\Pi\bar{z}{:}\bar{C}'.D'$ with all $C_k \sim C'_k$. Moreover, since $M' \sim (y\ N_1 \ldots N_m)$ and since $y$ is not affected by the instantiation of $\bar{x}$, it must be that $M'$ is of the form $(y\ N'_1 \ldots N'_m)$ with all $N'_j \sim N_j$. The derivation $\mathcal{D}'$ must proceed in a similar fashion, namely a chain of app-obj applications followed by var-obj on $y$. Therefore we have a derivation of
\[
\Gamma, \Delta' \vdash N'_j : C'_j[N'_1/z_1, \ldots, N'_{j-1}/z_{j-1}].
\]
We can conclude by the inductive hypothesis because
\[
C'_j[N'_1/z_1 \ldots N'_{j-1}/z_{j-1}] \sim C_j[N_1/z_1 \ldots N_{j-1}/z_{j-1}]
\]
(which relies on the disjointness of $\bar{x}$ and $\bar{z}$).



The proof of (2) follows a similar pattern. First, by a straightforward inspection of the first rules of the derivation of
\[
\Gamma \vdash \Pi\bar{x}{:}\bar{B}.A : \mathit{Type}
\]
we extract a derivation of $\Gamma, \Gamma_0 \vdash A : \mathit{Type}$. Then, since $A$ is a base type, it must be (by rule $\mathit{app}_t$) that $x_i$ rigidly occurs in one of its arguments $M$. Note that $A$ and $A'$ have the same structure on the path leading to $M$, since no object is involved there. Hence, a simultaneous inspection of the first rules of the derivations of $\Gamma, \Gamma_0 \vdash A : \mathit{Type}$ and $\Gamma \vdash A' : \mathit{Type}$ yields derivations of $\Gamma, \Gamma_0 \vdash M : T$ and $\Gamma \vdash M' : T'$ for $M' \sim M$ and $T' \sim T$. We can conclude using part (1). □

The definition of rigidity described above might seem restrictive. In particular, one might want to allow
\[
\bar{x}; \bar{\delta}; x \sqsubset_o x\ N
\]
in $\mathit{init}_o$. However, with such a rule the rigidity lemma described above is no longer true. For example, in a signature $\Gamma$ containing $\mathit{num} : \mathit{nat} \rightarrow \mathit{Type}$ and $\mathit{num}_n : \Pi n{:}\mathit{nat}.(\mathit{num}\ n)$, the object $t = \mathit{num}_n$ provides a counter-example to Lemma 1 part (1): we have $\Gamma, x : (\mathit{nat} \rightarrow \mathit{num}\ z) \vdash (x\ z) : (\mathit{num}\ z)$ and $\Gamma \vdash (t\ z) : (\mathit{num}\ z)$ but not $\Gamma \vdash t : \mathit{nat} \rightarrow \mathit{num}\ z$. This example highlights a crucial aspect of our definition: the applications allowed in $\mathit{init}_o$ should always induce invertible substitutions. As in higher-order pattern unification [13, 18], we achieve this by restricting to applications involving a simple form of $\beta$-reductions called $\beta_0$-reductions that are similar to renaming.
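To make the rigidity judgment and the clause shape it licenses concrete, the following Python sketch (an added illustration, not code from the paper or from the Twelf or Teyjus implementations) implements $\bar{x}; \bar{\delta}; x_i \sqsubset_o M$ and $\bar{x}; x_i \sqsubset_t A$ as the text describes them, including the $\mathit{init}_o$ restriction to distinct bound variables that the counter-example above motivates, and then emits the optimized, predicate-specialized clauses for the append signature with $\top \supset F$ simplified to $F$. The term representation, the handling of $\mathit{pi}_t$ (codomain only) and the constructor names app_nil and app_cons are assumptions of this example.

```python
"""Rigid occurrences (x̄; δ̄; x_i ⊏_o M, x̄; x_i ⊏_t A) and the optimized clauses they license."""
from dataclasses import dataclass
# Minimal LF syntax, constructed for this example (not the paper's or Teyjus' representation).
@dataclass(frozen=True)
class App:            # object  h N1 ... Nm; a bare variable or constant is App(h, ())
    head: str
    args: tuple = ()

@dataclass(frozen=True)
class Lam:            # object  λy.N  (the domain type is irrelevant to rigidity, so omitted)
    var: str
    body: object

@dataclass(frozen=True)
class Base:           # type  a N1 ... Nm
    head: str
    args: tuple = ()

@dataclass(frozen=True)
class Pi:             # type  Πx:B.A
    var: str
    dom: object
    cod: object

def rigid_obj(xs, delta, xi, m):
    """x̄; δ̄; x_i ⊏_o M, following the description of init_o, abs_o and app_o in the text."""
    if isinstance(m, Lam):                      # abs_o: the abstracted y joins δ̄
        return rigid_obj(xs, delta + (m.var,), xi, m.body)
    if m.head == xi:                            # init_o: x_i applied to distinct variables of δ̄
        names = [a.head for a in m.args if isinstance(a, App) and not a.args]
        return (len(names) == len(m.args) and len(set(names)) == len(names)
                and all(n in delta for n in names))   # so "x N" for arbitrary N is rejected
    if m.head in xs:                            # app_o needs a head y outside x̄
        return False
    return any(rigid_obj(xs, delta, xi, n) for n in m.args)   # app_o: rigid in some N_j

def rigid_type(xs, xi, a):
    """x̄; x_i ⊏_t A.  app_t: base type with x_i rigid in some argument.
    pi_t is not spelled out on the page; assumed here to look only at the codomain."""
    if isinstance(a, Pi):
        return rigid_type(xs, xi, a.cod)
    return any(rigid_obj(xs, (), xi, n) for n in a.args)

def split_pi(a):
    """Πx1:B1. ... Πxn:Bn.A  ->  ([(x1, B1), ..., (xn, Bn)], A)."""
    binders = []
    while isinstance(a, Pi):
        binders.append((a.var, a.dom))
        a = a.cod
    return binders, a

def elidable(a):
    """For each Π-bound variable of `a`: may its type check be replaced by ⊤?"""
    binders, head = split_pi(a)
    xs = tuple(x for x, _ in binders)
    return {x: rigid_type(xs, x, head) for x in xs}

def show(t):
    """Object in λProlog-like concrete syntax (the uppercase Π names serve as logic variables)."""
    if isinstance(t, Lam):
        return "(" + t.var + "\\ " + show(t.body) + ")"
    return t.head if not t.args else "(" + " ".join([t.head] + [show(x) for x in t.args]) + ")"

def optimized_clause(const, a):
    """Optimized, predicate-specialized clause for `const : a`, with ⊤ ⊃ F simplified to F.
    The proof term is the first argument; premises of Π type are out of scope here."""
    binders, head = split_pi(a)
    xs = tuple(x for x, _ in binders)
    proof = App(const, tuple(App(x) for x in xs))
    concl = " ".join([head.head, show(proof)] + [show(n) for n in head.args])
    premises = []
    for x, b in binders:
        if rigid_type(xs, x, head):
            continue                            # redundant type check elided
        if isinstance(b, Pi):
            raise NotImplementedError("higher-order premises are not handled in this sketch")
        premises.append(" ".join([b.head, x] + [show(n) for n in b.args]))
    return concl + (" :- " + ", ".join(premises) if premises else "") + "."

# The append signature; the constructor names app_nil / app_cons are assumed.
LIST, NAT = Base("list"), Base("nat")
def append_ty(*args): return Base("append", tuple(args))
def var(x): return App(x)
def cons(h, t): return App("cons", (h, t))

APP_NIL = Pi("K", LIST, append_ty(App("nil"), var("K"), var("K")))
APP_CONS = Pi("X", NAT, Pi("L", LIST, Pi("K", LIST, Pi("M", LIST,
    Pi("P", append_ty(var("L"), var("K"), var("M")),
       append_ty(cons(var("X"), var("L")), var("K"), cons(var("X"), var("M"))))))))

if __name__ == "__main__":
    print(elidable(APP_CONS))                   # only P fails to occur rigidly
    print(optimized_clause("app_nil", APP_NIL))
    print(optimized_clause("app_cons", APP_CONS))
```

Running it shows that every Π-bound variable of app_cons except the subproof P occurs rigidly in the result type, so only the premise `append P L K M` survives; `rigid_obj(("x",), (), "x", App("x", (var("z"),)))` is rejected, which is exactly the case the page's counter-example rules out.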

We now use Lemma 1 to prove the correctness of the optimized translation.

Theorem 2. Let $\Gamma$ be an LF context, $A$ an LF type, both canonical, such that $\vdash \Gamma\ \mathit{ctx}$ and $\Gamma \vdash A : \mathit{Type}$ are derivable. Then when $M$ is an arbitrary hohh term, $\llbracket\Gamma\rrbracket \longrightarrow \llbracket A\rrbracket(M)$ has a derivation if and only if $\llbracket\Gamma\rrbracket^+ \longrightarrow \llbracket A\rrbracket^-(M)$ has a derivation.

Proof. We establish the soundness direction by induction on the derivation of the optimized translation, maintaining the assumptions about $\Gamma$ and $A$.

If $A$ is of the form $\Pi x{:}B.A'$ our derivation ends as follows:
\[
\frac{\llbracket\Gamma, x{:}B\rrbracket^+ \longrightarrow \llbracket A'\rrbracket^-(M\ x)}{\llbracket\Gamma\rrbracket^+ \longrightarrow \llbracket\Pi x{:}B.A'\rrbracket^-(M)}
\]
First, $\Gamma \vdash B : \mathit{Type}$, $\vdash (\Gamma, x : B)\ \mathit{ctx}$ and $\Gamma, x : B \vdash A' : \mathit{Type}$ must have derivations since $\Gamma$ and $A$ are well-formed. We can thus apply the inductive hypothesis, obtaining that

\[
\llbracket\Gamma, x{:}B\rrbracket \longrightarrow \llbracket A'\rrbracket(M\ x)
\]
has a derivation. By $\forall R$ and $\supset R$, $\llbracket\Gamma\rrbracket \longrightarrow \llbracket\Pi x{:}B.A'\rrbracket(M)$ has one as well.

If $A$ is a base type, then our derivation starts with a backchaining on the encoding of some $(y : \Pi\bar{x}{:}\bar{B}.A') \in \Gamma$, i.e., on
\[
\forall x_1.(\llbracket B_1\rrbracket^+(x_1) \supset \ldots \forall x_n.(\llbracket B_n\rrbracket^+(x_n) \supset (u\ (y\ \bar{x})\ \langle\bar{N}\rangle)) \ldots).
\]
In particular, this rule application has the form
\[
\frac{\llbracket\Gamma\rrbracket^+ \longrightarrow F_1 \quad \ldots \quad \llbracket\Gamma\rrbracket^+ \longrightarrow F_n}{\llbracket\Gamma\rrbracket^+ \longrightarrow (u\ (y\ \bar{x})\ \langle\bar{N}\rangle)[\bar{t}/\bar{x}]}\ \text{backchain}
\]
where $F_i$ is either $(\llbracket B_i\rrbracket^+(x_i))[t_1/x_1, \ldots, t_i/x_i]$ or $\top$. We perform an inner induction on $i \le n$, showing that for all $j < i$, $t_j = \langle t'_j\rangle$ for some LF object $t'_j$, and that we have derivations of
\[
\llbracket\Gamma\rrbracket \longrightarrow (\llbracket B_j[t'_1/x_1, \ldots, t'_{j-1}/x_{j-1}]\rrbracket\ t_j)
\qquad\text{and}\qquad
\Gamma \vdash t'_j : B_j[t'_1/x_1, \ldots, t'_{j-1}/x_{j-1}].
\]
• We first treat the case where $F_i = \top$, i.e., there is a derivation of $\bar{x}; x_i \sqsubset_t A'$. We assumed that $\Gamma \vdash A : \mathit{Type}$, and since $\Gamma$ is valid we also have a derivation of $\Gamma \vdash \Pi\bar{x}{:}\bar{B}.A' : \mathit{Type}$. We can thus apply Lemma 1 to obtain $t'_i$ and a derivation of $\Gamma \vdash t'_i : B_i[t'_1/x_1, \ldots, t'_{i-1}/x_{i-1}]$, and we conclude by Theorem 1.

• When $F_i \neq \top$, we can see that within the derivation of
\[
\Gamma \vdash \Pi\bar{x}{:}\bar{B}.A' : \mathit{Type}
\]
there is a derivation of
\[
\Gamma, x_1 : B_1, \ldots, x_{i-1} : B_{i-1} \vdash B_i : \mathit{Type}.
\]
By substituting (Proposition 1) the derivations provided by the inner inductive hypothesis on this formula we construct a derivation of
\[
\Gamma \vdash B_i[t'_1/x_1, \ldots, t'_{i-1}/x_{i-1}] : \mathit{Type}.
\]
We can now apply the outer inductive hypothesis on $F_i$, to conclude that $\llbracket\Gamma\rrbracket \longrightarrow (\llbracket B_i[t'_1/x_1, \ldots, t'_{i-1}/x_{i-1}]\rrbracket\ t_i)$ has a derivation. By Theorem 1 we finally obtain that $t_i$ is of the form $\langle t'_i\rangle$.

We compose all derivations
\[
\llbracket\Gamma\rrbracket \longrightarrow (\llbracket B_i[t'_1/x_1, \ldots, t'_{i-1}/x_{i-1}]\rrbracket\ t_i)
\]
by backchain on the encoding of $(y : \Pi\bar{x}{:}\bar{B}.A') \in \Gamma$, obtaining the expected derivation of
\[
\llbracket\Gamma\rrbracket \longrightarrow \mathit{hastype}\ (y\ \bar{t})\ (u\ \langle\bar{N}\rangle)[\bar{t}/\bar{x}].
\]

Completeness is proved by an induction on the derivation of the simple translation. This direction is rather straightforward as it consists only of dropping information. Details can be found in Appendix A. □

Therefore, by Theorems 1 and 2, intuitionistic provability under the optimized translation is equivalent to provability in LF, and the following is a theorem.

Theorem 3 (Optimized translation correctness). Let $\Gamma$ be an LF specification such that $\vdash \Gamma\ \mathit{ctx}$ has a derivation, $A$ an LF type such that $\Gamma \vdash A : \mathit{Type}$ has a derivation. Then, for any LF object $M$ such that $\Gamma \vdash M : A$ has a derivation, $\llbracket\Gamma\rrbracket^+ \longrightarrow \llbracket M : A\rrbracket^-$ is derivable. Moreover, if $\llbracket\Gamma\rrbracket^+ \longrightarrow \llbracket A\rrbracket^-(M)$ for an arbitrary hohh term $M$, then it must be that $M = \langle M'\rangle$ for some canonical LF object $M'$ such that $\Gamma \vdash M' : A$ has a derivation.

6. Performance Comparisons 

We have claimed two properties for our translation: that it produces an hohh program which corresponds closely to the original LF specification, and that this program provides an effective means for executing the specification. Evidence for the first claim is provided by the translation of the append specification presented in Figure 7, especially when one uses the easily applied simplification of a formula of the form $\top \supset F$ to $F$. Notice also the correspondence of the definition of the append predicate to the one that one might write in, e.g., Prolog, if one drops the first "proof term" argument of the predicate. To fully appreciate this benefit, it is necessary to consider larger examples that space does not allow us to do in this paper. However, such examples are available with the implementation [23]. We suggest that the reader look especially at the example of the evaluator for Mini-ML with terms that are not indexed by their type that is described below in the collection of benchmarks: the translation results in an hohh program that is what one might write in hohh directly.

Benchmark           Twelf   Simple     Optimized Typed   Optimized   Indexing
reverse(10)         1.0     0.40       0.14              0.07        0.08
reverse(20)         1.0     0.57       0.19              0.12        0.11
reverse(30)         1.0     0.63       0.20              0.14        0.11
reverse(40)         1.0     0.41       0.13              0.10        0.07
reverse(50)         1.0     0.46       0.15              0.10        0.08
miniml(50)          1.0     0.74       0.25              0.18        0.08
miniml(100)         1.0     1.25       0.44              0.30        0.17
miniml(150)         1.0     1.75       0.56              0.41        0.25
miniml(200)         1.0     2.89       0.83              0.62        0.41
typed miniml(50)    1.0     2.27       1.07              0.57        0.48
typed miniml(100)   1.0     2.22       0.76              0.49        0.38
typed miniml(150)   1.0     3.49       1.44              0.67        0.55
typed miniml(200)   1.0     3.70       0.92              0.67        0.55
perm(10)            1.0     overflow   3.13              0.94        0.72
perm(20)            1.0     overflow   1.75              0.78        0.44
perm(30)            1.0     overflow   3.05              1.52        0.81
perm(40)            1.0     overflow   3.95              2.15        1.14
perm(50)            1.0     overflow   5.05              2.88        1.59
num(64)             1.0     158.19     0.25              0.23        0.21
num(128)            1.0     ∞          0.10              0.10        0.07
num(256)            1.0     ∞          0.15              0.14        0.13
num(512)            1.0     ∞          0.003             0.003       0.003

Figure 8. Performance comparison results (running times relative to Twelf = 1.0)

To test the second claim, we have carried out performance com- 
parisons between the Twelf implementation that interprets LF spec- 
ifications directly via a Standard ML program and an implemen- 
tation obtained by translating these specifications into hohh pro- 
grams and then executing these using the Teyjus system. We present 
results here over programs that have a few different characteristics: 

• First, as we are interested in logic programming in LF, the 
traditional logic program for naively reversing a list a n times 
is included. 

• The encoding of evaluators for various languages is a common usage of LF. We have therefore used an encoding of Mini-ML along with an enco­ding of addition as another sample program. This benchmark, called miniml, consists of adding n to 10 using the encoding.

• The miniml specification does not make essential use of dependent types. The typed miniml benchmark, which consists of an evaluator for Mini-ML in which terms are indexed by their type, uses dependent types to ensure that terms are well-formed. The Mini-ML program that was run is a typed version of the encoding of addition.

• An implementation of a meta-interpreter for intuitionistic non- 
commutative linear logic (INCLL) has been proposed as a test 
program [21]. The perm benchmark tests list permutation en- 
coded in INCLL and run using the meta-interpreter on lists of 
length n. 

• The last benchmark, referred to as num, involves rewriting arith- 
metic expressions into an equivalent normal form. This exam- 
ple again makes essential use of dependent types by associating 
with each equivalence of two such terms a proof of their equiv- 
alence. The benchmark tests rewriting expressions of size n. 

The third through fifth columns of Figure 8 present data comparing the simple translation, the translation with redundant typing judgments removed, and the fully optimized translation against the standard of Twelf with default optimizations on these benchmarks.* As described in Figure 6, the fully optimized translation inserts the proof term as the first argument of the predicate generated. Since this term is to be determined by proof search, advantage cannot be taken of the capability Teyjus possesses of indexing on the first argument. The last column presents data for the case where we make the proof term the last argument instead. In the data presented, overflow indicates a heap overflow in the Teyjus simulator, and ∞ means that the program ran more than 1000 times longer than Twelf.

The most optimized translation leads to better performance in 
most cases, often significantly so. On the other hand, the simple 
translation yields a program that is generally slower than Twelf. In 
particular, performance tends to deteriorate with larger problem sizes, in keeping with the difficulty that we noted with this translation. However, the simple translation is still comparable to Twelf
on the first three benchmarks. On the perm benchmark, Twelf does 
quite well and even out-performs Teyjus with the optimized trans- 
lation on problems of large size. We have yet to pinpoint the reason 
for this — the program is large and difficult to analyze in detail — but 
we suspect that the linear head optimization that delays expensive 
unification computation till after simpler checks have been made 
may have something to do with this. The fact that term indexing 
causes significant improvement with Teyjus gives credence to this 
observation. 

For problems of very large size with all the benchmarks, the 
performance of Twelf deteriorates quite dramatically; this is seen, 
for example, in the case of num(n) for a problem of size 512. This 
phenomenon is linked to the fact that Twelf consumes excessive 
amounts of memory. The ultimate source of this problem is perhaps 
the fact that Twelf is implemented in SML: it has been argued that 
realizing a logic programming language in a functional program- 
ming setting can lead to poor memory reclamation and eventually 
to shortage of space [30].



* This setting with Twelf leads to the best performance on these examples.



7. Conclusion and Future Work 

We have considered in this paper a translation of Twelf specifications into logic programs in the hohh language. An important part
of our ideas is the recognition of certain situations in which type 
information is redundant in LF expressions and hence its check- 
ing can be avoided. Our eventual translation produces a program 
that corresponds closely to the original specification and we have 
argued that it can be the basis for an effective animation of Twelf 
descriptions. 

The specific work undertaken here can be extended in a few different ways. As an extension to our notion of rigidity, we might observe that, when applying a variable of type $\Pi\bar{x}{:}\bar{B}.A$, we could identify redundant type information, not only between a $B_i$ and $A$, but also between a $B_i$ and a different $B_j$. It would also be interesting to relate our work to the ideas of Reed [22] who describes a notion of strictness similar to rigidity, used for the different purpose of identifying sub-terms of LF objects that could be reconstructed if elided; in contrast, we avoid redundant type checking but still generate a complete LF object. Such an understanding might lead both to an improvement of our translation and to the ability to shorten LF terms that are needed in applications such as that of proof-carrying code [17]. From an implementation perspective, another possible optimization is to avoid constructing an LF object explicitly when the task has been identified as that of only determining whether a type has an inhabitant: experiments in this direction indicate in some cases a ten-fold performance improvement over the optimized translation. Techniques from the area of extracting programs from proofs that pertain to isolating parts of a proof that do not contribute to its overall computational content (e.g., see [25]) are potentially useful to the application of such an optimization; these techniques might provide the basis for noting components of a type whose inhabitants do not participate in the term corresponding to the overall type.

We have focused here on realizing Twelf through a translation to λProlog. A different approach, worthy of investigation, is that of compiling Twelf specifications directly to bytecode for the virtual machine underlying the Teyjus system. Such an approach would make it possible to realize optimizations that have been developed for the direct implementation of Twelf [20, 21]. Of special note here are optimizations like the linear heads treatment of unification described by Pientka and Pfenning [21] for minimizing occurs checking, that could make a difference in examples such as the perm program considered in the previous section: direct compilation would allow us to regain opportunities for such improvements that might be lost by translating first to λProlog and then relying on its implementation that is not specially optimized to treat Twelf-specific programs.

A more ambitious line of development concerns meta-reasoning 
over specifications. Existing tools might be used to reason about 
LF programs via the translation, the transparency of the translation 
becoming essential. Anecdotal evidence suggests that this trans- 
parency is not only enabling, it is also elucidating: that the gener- 
ated hohh program is easier to reason about because it highlights 
those types that could have logical importance, and elides those that 
do not. 
A. Proofs of Theorems

A.1 Correctness of the simplified encoding (Theorem 1)

A.1.1 Completeness

We use induction on the derivation of $\Gamma \vdash M : A$ to build one for $\llbracket\Gamma\rrbracket \longrightarrow \llbracket M : A\rrbracket$. We proceed by case analysis on the canonical type $A$.

If $A$ is of the form $\Pi x{:}B.A'$ then $M$ must be of the form $\lambda x{:}B.M'$ and the LF derivation must end with an abs-obj rule, i.e., a rule of the form
\[
\frac{\Gamma \vdash B : \mathit{Type} \qquad \Gamma, x : B \vdash M' : A'}{\Gamma \vdash (\lambda x{:}B.M') : (\Pi x{:}B.A')}\ \text{abs-obj}
\]
The induction hypothesis gives us a derivation for
\[
\llbracket\Gamma, x{:}B\rrbracket \longrightarrow \llbracket M' : A'\rrbracket.
\]
By applying the rules $\forall R$ and $\supset R$ to this, we get a derivation for $\llbracket\Gamma\rrbracket \longrightarrow \forall x.(\llbracket x : B\rrbracket \supset \llbracket M' : A'\rrbracket)$. The righthand side of this sequent is the expected goal:
\[
\llbracket\lambda x{:}B.M' : \Pi x{:}B.A'\rrbracket = \forall x.(\llbracket x{:}B\rrbracket \supset (\llbracket A'\rrbracket\ (\langle\lambda x{:}B.M'\rangle\ x))),
\]
and $\langle M'\rangle = (\langle\lambda x{:}B.M'\rangle\ x)$ by virtue of $\eta$-conversion.

If $A$ is a base type then $M$ must be of the form $x\ N_1 \ldots N_n$ and the canonical LF derivation must end with a chain of app-obj rules following a var-obj rule that reveals that
\[
x : \Pi y_1{:}B_1.\ldots\Pi y_n{:}B_n.A' \in \Gamma.
\]
Moreover, $A$ must be $A'[N_1/y_1, \ldots, N_n/y_n]$ and, from looking at the right upper premise of the app-obj rules, there must be shorter derivations of
\[
\Gamma \vdash N_i : B_i[N_1/y_1, \ldots, N_{i-1}/y_{i-1}]
\]
for $1 \le i \le n$. By the induction hypothesis we obtain derivations $\mathcal{D}_i$ of $\llbracket\Gamma\rrbracket \longrightarrow \llbracket N_i : B_i[N_1/y_1, \ldots, N_{i-1}/y_{i-1}]\rrbracket$. Further, $\llbracket\Gamma\rrbracket$ must contain
\[
\forall y_1.((\llbracket B_1\rrbracket\ y_1) \supset \ldots \forall y_n.((\llbracket B_n\rrbracket\ y_n) \supset \mathit{hastype}\ (x\ y_1 \ldots y_n)\ \langle A'\rangle) \ldots),
\]
i.e., the encoding of $x : \Pi y_1{:}B_1.\ldots\Pi y_n{:}B_n.A'$. By applying backchain on that clause, choosing $\langle N_i\rangle$ for $y_i$ and using the derivations $\mathcal{D}_i$, we obtain a derivation of
\[
\llbracket\Gamma\rrbracket \longrightarrow \mathit{hastype}\ (x\ \langle N_1\rangle \ldots \langle N_n\rangle)\ (\langle A'\rangle[\langle N_1\rangle/y_1, \ldots, \langle N_n\rangle/y_n]).
\]
The right side of this sequent is precisely
\[
\llbracket(x\ N_1 \ldots N_n) : A'[N_1/y_1, \ldots, N_n/y_n]\rrbracket.
\]



A.1.2 Soundness

We prove the soundness direction by induction on the derivation of $\llbracket\Gamma\rrbracket \longrightarrow (\llbracket A\rrbracket\ M)$: assuming that $\Gamma \vdash A : \mathit{Type}$ has a derivation, we establish that $M = \langle M'\rangle$ for some canonical object $M'$ and we build a derivation of $\Gamma \vdash M' : A$. A case analysis on the structure of the canonical type $A$ will guide us.

If $A$ is of the form $\Pi x{:}B.A'$ then the structure of $\llbracket A\rrbracket$ forces the hohh derivation to conclude as follows:
\[
\frac{\llbracket\Gamma, x{:}B\rrbracket \longrightarrow (\llbracket A'\rrbracket\ (M\ x))}{\llbracket\Gamma\rrbracket \longrightarrow \forall x.(\llbracket B\rrbracket\ x) \supset (\llbracket A'\rrbracket\ (M\ x))}\ \forall R, \supset R
\]
Since $A$ is a valid $\mathit{Type}$ under $\Gamma$, $B$ must also be, and $A'$ must be valid under $(\Gamma, x : B)$. We can thus apply the inductive hypothesis, and we obtain that $M\ x = \langle M'\rangle$ and that $\Gamma, x : B \vdash M' : A'$ is derivable for some canonical object $M'$. Since $x$ does not occur free in $M$, we conclude that
\[
M = (\lambda x.\langle M'\rangle) = \langle\lambda x{:}B.M'\rangle,
\]
and we derive $\Gamma \vdash (\lambda x{:}B.M') : (\Pi x{:}B.A')$ using the abs-obj rule and our derivation of $\Gamma \vdash B : \mathit{Type}$.

Otherwise, $A$ is a base type, and the derivation we are considering is that of $\llbracket\Gamma\rrbracket \longrightarrow \mathit{hastype}\ M\ \langle A\rangle$. This derivation must end in a backchain rule that uses some clause in $\llbracket\Gamma\rrbracket$ of the form
\[
\forall y_1.((\llbracket B_1\rrbracket\ y_1) \supset \ldots \forall y_n.((\llbracket B_n\rrbracket\ y_n) \supset \mathit{hastype}\ (x\ y_1 \ldots y_n)\ \langle A'\rangle) \ldots);
\]
note that the variables $y_1, \ldots, y_{i-1}$ can appear in $\llbracket B_i\rrbracket$ here. Thus, for some hohh terms $N_1, \ldots, N_n$,
\[
\langle A\rangle = \langle A'\rangle[N_1/y_1, \ldots, N_n/y_n],
\]
$M = (x\ N_1 \ldots N_n)$, and, for each $i$ such that $1 \le i \le n$, there is a shorter derivation of
\[
\llbracket\Gamma\rrbracket \longrightarrow (\llbracket B_i\rrbracket\ y_i)[N_1/y_1, \ldots, N_i/y_i],
\]
i.e., of $\llbracket\Gamma\rrbracket \longrightarrow (\llbracket B_i\rrbracket[N_1/y_1, \ldots, N_{i-1}/y_{i-1}]\ N_i)$. Further, we know that $x : \Pi y_1{:}B_1.\ldots\Pi y_n{:}B_n.A' \in \Gamma$ for some $x$. We now claim that, for $1 \le i \le n$, $N_i = \langle N'_i\rangle$ for some canonical LF object $N'_i$ and that $\Gamma \vdash N'_i : B_i[N'_1/y_1 \ldots N'_{i-1}/y_{i-1}]$ has a derivation. If this claim is true, then, we can use the var-obj rule to derive $\Gamma \vdash x : \Pi y_1{:}B_1.\ldots\Pi y_n{:}B_n.A'$ and follow this by a sequence of app-obj rule applications to prove
\[
\Gamma \vdash (x\ N'_1 \ldots N'_n) : A'[N'_1/y_1 \ldots N'_n/y_n].
\]
Now, evidently $M = \langle x\ N'_1 \ldots N'_n\rangle$ and, since substitution permutes with encoding, $A = A'[N'_1/y_1, \ldots, N'_n/y_n]$. Thus, the desired result would be proven.

It only remains to establish the claim. We actually strengthen it to include also the assertion that, for $1 \le i \le n$,
\[
\Gamma \vdash B_i[N'_1/y_1 \ldots N'_{i-1}/y_{i-1}] : \mathit{Type}
\]
has a derivation. To prove it, we use an inner induction on $i$. Since $\Gamma$ is a well-formed context, and $x : \Pi y_1{:}B_1.\ldots\Pi y_n{:}B_n.A' \in \Gamma$, there must be a derivation of
\[
\Gamma, y_1 : B_1, \ldots, y_{i-1} : B_{i-1} \vdash B_i : \mathit{Type}
\]
for $1 \le i \le n$. Using Proposition 1 and the induction hypothesis we see that there must be a derivation of
\[
\Gamma \vdash B_i[N'_1/y_1 \ldots N'_{i-1}/y_{i-1}] : \mathit{Type}.
\]
Noting that
\[
\llbracket B_i\rrbracket[N_1/y_1, \ldots, N_{i-1}/y_{i-1}] = \llbracket B_i[N'_1/y_1, \ldots, N'_{i-1}/y_{i-1}]\rrbracket,
\]
the outer induction hypothesis and the shorter derivation of
\[
\llbracket\Gamma\rrbracket \longrightarrow (\llbracket B_i\rrbracket[N_1/y_1, \ldots, N_{i-1}/y_{i-1}]\ N_i)
\]
allows us to conclude that $N_i = \langle N'_i\rangle$ for some canonical LF term $N'_i$ and that there is a derivation of
\[
\Gamma \vdash N'_i : B_i[N'_1/y_1 \ldots N'_{i-1}/y_{i-1}],
\]
thus verifying the claim.

A.2 Completeness of the optimized encoding (Theorem 2)

If $\llbracket\Gamma\rrbracket \longrightarrow \llbracket A\rrbracket\ M$ has a derivation, then $\llbracket\Gamma\rrbracket^+ \longrightarrow \llbracket A\rrbracket^-\ M$ has a derivation as well. Note that for this direction of the proof we are simply dropping information (subderivations) and so we do not rely on $\Gamma$ being a valid specification or $A$ being a valid type. We proceed by induction on the structure of the derivation of $\llbracket\Gamma\rrbracket \longrightarrow \llbracket A\rrbracket\ M$, followed by case analysis on $A$. If $A$ is of the form $\Pi x{:}B.A'$ our derivation ends as follows:
\[
\frac{\llbracket\Gamma, x{:}B\rrbracket \longrightarrow \llbracket A'\rrbracket\ (M\ x)}{\llbracket\Gamma\rrbracket \longrightarrow \llbracket\Pi x{:}B.A'\rrbracket\ M}\ \forall R, \supset R
\]
By the inductive hypothesis $\llbracket\Gamma, x{:}B\rrbracket^+ \longrightarrow \llbracket A'\rrbracket^-\ (M\ x)$ has a derivation, and by applying $\forall R$ and $\supset R$ to this derivation we can construct a derivation of
\[
\llbracket\Gamma\rrbracket^+ \longrightarrow \llbracket\Pi x{:}B.A'\rrbracket^-\ M.
\]
Otherwise, $A$ is a base type and our derivation proceeds by backchaining on some $(y : \Pi\bar{x}{:}\bar{B}.A') \in \Gamma$, with $\langle A\rangle = \langle A'\rangle[t_1/x_1 \ldots t_n/x_n]$:
\[
\frac{\llbracket\Gamma\rrbracket \longrightarrow F_1 \quad \ldots \quad \llbracket\Gamma\rrbracket \longrightarrow F_n}{\llbracket\Gamma\rrbracket \longrightarrow \llbracket A\rrbracket\ (y\ \bar{t})}\ \text{backchain}
\]
Here, $F_i = (\llbracket B_i\rrbracket\ x_i)[t_1/x_1 \ldots t_n/x_n]$. As in the completeness proof of the simplified encoding, we obtain by an inner induction that each $t_i$ is of the form $\langle t'_i\rangle$ and thus that
\[
F_i = \llbracket B_i[t'_1/x_1 \ldots t'_n/x_n]\rrbracket\ t_i.
\]
We shall build the derivation of $\llbracket\Gamma\rrbracket^+ \longrightarrow \llbracket A\rrbracket^-(y\ \bar{t})$ by using backchain on the optimized encoding of $(y : \Pi\bar{x}{:}\bar{B}.A') \in \Gamma$, by choosing $\bar{t}$ for $\bar{x}$. The resulting premises are either
\[
\llbracket\Gamma\rrbracket^+ \longrightarrow \llbracket B_i[t'_1/x_1 \ldots t'_n/x_n]\rrbracket^-\ t_i
\]
when $x_i$ does not occur rigidly in $A'$, and this case is provided for by the inductive hypothesis, or $\top$ otherwise, which we derive using $\top R$.



